Commit 6794e92b
Authored on Aug 09, 2012
Author: Aaron Patterson
Merge pull request #7302 from homakov/default_headers
Introduce default_headers. closes #6311 #6515
Parents: 6a3d4695 98c18d00
Showing 4 changed files with 38 additions and 0 deletions (+38 -0)
actionpack/lib/action_dispatch/http/response.rb +5 -0
actionpack/lib/action_dispatch/railtie.rb +1 -0
actionpack/test/dispatch/response_test.rb +27 -0
railties/lib/rails/generators/rails/app/templates/config/application.rb +5 -0
actionpack/lib/action_dispatch/http/response.rb
...
...
@@ -58,6 +58,7 @@ class Response
LOCATION
=
"Location"
.
freeze
cattr_accessor
(
:default_charset
)
{
"utf-8"
}
cattr_accessor
(
:default_headers
)
include
Rack
::
Response
::
Helpers
include
ActionDispatch
::
Http
::
Cache
::
Response
...
...
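Review bot: `cattr_accessor(:default_headers)` in the Response class body has no default block, unlike `cattr_accessor(:default_charset) { "utf-8" }` directly above it, so the accessor is nil whenever Response is used without the railtie having assigned it. Giving it an empty-hash default would let `initialize` merge unconditionally, and a one-line comment saying that these headers are added to every response would document the new setting.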
@@ -96,6 +97,10 @@ def closed?
def
initialize
(
status
=
200
,
header
=
{},
body
=
[])
super
()
if
self
.
class
.
default_headers
.
respond_to?
(
:merge
)
header
=
self
.
class
.
default_headers
.
merge
(
header
)
end
self
.
body
,
self
.
header
,
self
.
status
=
body
,
header
,
status
@sending_file
=
false
...
...
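Review bot: the `respond_to?(:merge)` guard in `initialize` silently skips the defaults when `default_headers` holds anything that is not hash-like, so a mistyped configuration value removes X-Frame-Options and X-XSS-Protection from every response without an error. Consider validating the value where it is assigned and raising on a non-Hash, rather than skipping the merge here. Also note that `default_headers.merge(header)` matches keys exactly, so a caller passing 'x-frame-options' ends up with both spellings in the header hash instead of overriding the default.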
actionpack/lib/action_dispatch/railtie.rb
...
...
@@ -23,6 +23,7 @@ class Railtie < Rails::Railtie
ActionDispatch
::
Http
::
URL
.
tld_length
=
app
.
config
.
action_dispatch
.
tld_length
ActionDispatch
::
Request
.
ignore_accept_header
=
app
.
config
.
action_dispatch
.
ignore_accept_header
ActionDispatch
::
Response
.
default_charset
=
app
.
config
.
action_dispatch
.
default_charset
||
app
.
config
.
encoding
ActionDispatch
::
Response
.
default_headers
=
app
.
config
.
action_dispatch
.
default_headers
ActionDispatch
::
ExceptionWrapper
.
rescue_responses
.
merge!
(
config
.
action_dispatch
.
rescue_responses
)
ActionDispatch
::
ExceptionWrapper
.
rescue_templates
.
merge!
(
config
.
action_dispatch
.
rescue_templates
)
...
...
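Review bot: the new `default_headers` assignment has no fallback, while `default_charset` on the line above falls back to `app.config.encoding`; with the railtie change being this single line, an existing application that never sets `config.action_dispatch.default_headers` gets nil here and sends none of the security headers. Only newly generated apps pick them up from the application.rb template. Consider defaulting the option in the railtie, or stating in the upgrade notes that existing apps must add the setting themselves.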
actionpack/test/dispatch/response_test.rb
...
...
@@ -176,6 +176,33 @@ def test_response_body_encoding
ActionDispatch
::
Response
.
default_charset
=
original
end
end
test
"read x_frame_options and x_xss_protection"
do
ActionDispatch
::
Response
.
default_headers
=
{
'X-Frame-Options'
=>
'DENY'
,
'X-XSS-Protection'
=>
'1;'
}
resp
=
ActionDispatch
::
Response
.
new
.
tap
{
|
response
|
response
.
body
=
'Hello'
}
resp
.
to_a
assert_equal
(
'DENY'
,
resp
.
headers
[
'X-Frame-Options'
])
assert_equal
(
'1;'
,
resp
.
headers
[
'X-XSS-Protection'
])
end
test
"read custom default_header"
do
ActionDispatch
::
Response
.
default_headers
=
{
'X-XX-XXXX'
=>
'Here is my phone number'
}
resp
=
ActionDispatch
::
Response
.
new
.
tap
{
|
response
|
response
.
body
=
'Hello'
}
resp
.
to_a
assert_equal
(
'Here is my phone number'
,
resp
.
headers
[
'X-XX-XXXX'
])
end
end
class
ResponseIntegrationTest
<
ActionDispatch
::
IntegrationTest
...
...
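Review bot: both new tests assign `ActionDispatch::Response.default_headers` and never restore it, whereas the test just above resets `default_charset = original` before it ends; the class-level value leaks into every test that runs afterwards. Save the previous value and restore it in an ensure block. A test where a header passed to `Response.new` overrides a default, and one where `default_headers` is nil, would cover the two branches added in `initialize`.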
railties/lib/rails/generators/rails/app/templates/config/application.rb
...
...
@@ -41,6 +41,11 @@ class Application < Rails::Application
# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password]
config.action_dispatch.default_headers = {
'X-Frame-Options' =>
'SAMEORIGIN'
,
'X-XSS-Protection'
=>
'1; mode=block'
}
# Use SQL instead of Active Record's schema dumper when creating the database.
# This is necessary if your schema can't be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types.
...
...
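Review bot: the `config.action_dispatch.default_headers` block in the template has no explanatory comment, unlike the `filter_parameters` and schema-dumper settings around it. Add a short comment saying that these headers go out on every response and that `'X-Frame-Options' => 'SAMEORIGIN'` stops other origins from framing the app, so that developers who need cross-origin embedding know where to change it.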